Dr. Christian Collberg
University of Arizona, United States

TOPIC: Software Protection

Software protection is the branch of computer security that studies techniques for protecting secrets contained in computer programs from being discovered, modified, or redistributed. In this introductory lecture we will show how an adversary can study a program under their control (using disassemblers, decompilers, etc.) in order to extract proprietary information or modify the program, for example in order to bypass a license check. We will discuss important basic software protection algorithms for obfuscation, tamper-proofing, and software watermarking, as well as basic reverse engineering techniques for attacking such protections.

Dr. Jack Davidson
University of Virginia, United States

TOPIC: Code protection by dynamic translation

Computing is increasingly ubiquitous. It is used in many areas of daily life: cellular telephones, managing health and financial records, e-commerce, and electronic voting, to name a few. Users of these various computing platforms demand high-quality, undisrupted service, and privacy and security of their personal information. Beyond personal use, much of society and critical infrastructure is also controlled by complex software systems. Unfortunately, because of its complexity, it is difficult to build software that is impervious to attack by malicious adversaries. Indeed, every day there are reports of intrusions and security breaches that result in financial loss and disclosure of confidential or proprietary information. A promising approach for protecting software from a wide variety of attacks is the use of lightweight process virtualization via software dynamic translation. This course will provide an introduction to the concept of software dynamic translation, discuss its efficient implementation, and describe its use to protect software from various types of attacks, as well as its power and utility. It also includes several hands-on exercises that implement a protection scheme using software dynamic translation.

Dr. Yuan Gu
IRDETO, Canada

TOPIC: The industrial challenge in Software and information protection

Untrusted environments dominate the digital world, from consumer devices and home networks to the public Internet, cloud and web services, extending to the Internet of Things. Traditional security models are inadequate to address emerging threat models and attacks in such environments. Wireless connectivity provides anything/anytime/anywhere connection to playing content, e-mail, instant messaging, mobile banking, mobile payment, weather and travel information, and many other digital information services. All of these make white-box security and digital asset protection much more challenging. This course describes and discusses white-box software attack scenarios and security patterns (abstracted from many application domains in terms of use cases, vulnerability and threat analysis, and security solutions), and the security lifecycle of digital asset applications, which mandates protection from creation, through distribution, to ultimately consumption once deployed in the field. The sessions delve into software protection technologies in the market as a guide to the state of the art. This course is structured in two sessions: 1) a course lecture; 2) a panel hosting a group of industrial experts to present, discuss and explore some of the most interesting software and information protection issues in emerging markets.

Dr. Arun Lakhotia
University of Louisiana, United States

TOPIC: Binary analysis in Polymorphic Malware Detection

Analysis of malware introduces new challenges that are not present when analyzing programs in the normal context. Besides the fact that the programs are in a binary form, they are explicitly created to defeat analysis by hiding behind undecidability. Nonetheless, this course will reveal that program analysis methods can indeed be used to answer a variety of questions related to malware. For instance, by relaxing the requirements of safety one can use program analysis to provide semantics-based features to a machine learner. Similarity analysis is a key tool for understanding and querying big data of code, in particular in the context of malware analysis and mitigation. The course will provide an end-to-end experience in analyzing malware binaries, extracting semantic features, and using those in a machine learner to find similar malware in a repository. There will also be hands-on exercises to highlight opportunities and challenges for further research, and to introduce the state-of-the-art technologies.

Dr. Roberto Giacobazzi
University of Verona, Italy and IMDEA Software Institute, Spain

TOPIC: Theory and practice of code attack: Semantics, analysis and code transformation

In this course, systematic and automatic methods for code attack and reverse engineering will be the prime focus. Static and dynamic program analysis will be introduced as basic tools for understanding what programs do and for performing reverse engineering. Most known attack methods based on control/data-flow analysis, profiling, tracing, emulation, disassembly and decompilation will be presented as suitable abstractions of an interpreter. Obfuscation and watermarking will then be discussed as methods for making these abstract interpreters incomplete when acting on the modified (obfuscated or watermarked) code, i.e. failing to extract hidden information. Systematic methods for making abstract interpreters incomplete will be discussed together with concrete examples and challenging future research directions. The result is a unifying and comprehensive view of software protection strategies that provides both theoretical bases for most of the known attack and defense methods and a perspective for the design of a new algorithm for surreptitious software. The class will consist of lectures and hands-on exercises. Slides will be distributed to the course attendees.

TOPIC: Software security of embedded applications

Software is increasingly found in embedded devices, which brings extra attack vectors (notably side-channel attacks) and more constraints on implementations. Moreover, black-box analysis techniques are particularly relevant for embedded software, as there is often no easy access to binaries. This course will provide an overview of issues for software security in embedded devices, especially for smartcards, and discuss automated techniques for the reverse engineering of protocol implementations, which is effectively an advanced form of fuzzing. This technique has proved to be successful for standard network protocols as well as embedded devices.